• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

5 Forgotten Technologies Hackers Will Use to Infiltrate Manufacturers in 2019

March 21, 2019 By The Editor

Modern cyber criminals will leave no hardware unturned when it comes to penetrating target networks. According to Verizon’s 2018 Data Breach Investigation Report, external hackers accounted for 89 percent of all attacks against manufacturing organizations. This is a perfect example of how some sectors can be more vulnerable than others. Back offices in factories and manufacturing facilities often host several legitimate – and likely, neglected – attack vectors that malicious actors can infiltrate to make lateral movements through an organization’s network, and even onto the manufacturing floor.

In a recent guest column for IndustryWeek, WatchGuard CTO Corey Nachreiner outlined five outdated technologies that hackers can use to infiltrate manufacturers’ networks. Following is an excerpt from the article that covers a few of these potential weak spots:

  • Video Conference Systems – The level of security found in conference room video systems can be pretty low and although the technology is used frequently for meetings and calls as part of most day-to-day company operations, it can easily be neglected and therefore left vulnerable. Smart cybercriminals can actively look for opportunities to hack video conferencing systems connected to public Wi-Fi networks. Video conference systems are a prime target for hackers, as they can exploit the hardware’s vulnerabilities to spy on highly confidential conversations and company meetings. For this reason, manufacturing companies are urged to create private networks for conference rooms and only connect them to public internet connections when absolutely necessary. If your conferencing system must go online, you should again consider VPN and additional authentication mechanisms to secure that connection. The rule about changing factory-set passwords also applies here, as it does for any IoT device you install.

  • Ventilation, Heating and Cooling Systems – A breached ventilation, heating or cooling system can evolve into an attack severe enough to cause a company’s entire sales operation to collapse, as was seen in the Target breach. These systems are often installed by people with limited IT experience, which makes them a more likely place for hackers to find an entry point into a company’s network. Testing IoT devices and sensors before installation, assigning unique passwords, protecting their often web-based management systems, and regularly updating software updates are important steps toward preventing compromise.

For more on the other three back office technologies at manufacturing organizations that are often overlooked and unsecured, read the complete story in IndustryWeek. To learn about a new malware variant that was just recently discovered targeting business meeting rooms and IoT devices, check out this Daily Security Byte here on Secplicity.

Share This:

Related

Filed Under: Editorial Articles, Featured

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • Here Come The Regulations
  • Successfully Prosecuting a Russian Hacker

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use